IRS alerts public to ‘tax reminder’ phishing scam

Plus, an Insta-scam snaps up login info, TrickBot makes a grab for your mobile PIN, and Brazil restabilizes after Telegram voicemail hacks

The U.S. Internal Revenue Service issued an alert to taxpayers about a new phishing scam that uses fraudulent emails posing as IRS communications to direct American taxpayers to download malware. With subject lines such as “Automatic Income Tax Reminder” or “Electronic Tax Return Reminder,” the emails allege that there is an issue with the target’s tax account, return, or refund. The target is given a temporary password and instructed to use it to access their file on a phony IRS webpage. In reality, using the password downloads a malicious file onto the victim’s computer. The agency’s release reminds taxpayers that the IRS will never initiate contact through email or text, generally sending correspondence through the mail instead. 

Google researchers reveal wide-ranging iPhone hack

Google researchers have revealed that they found hacked websites that slipped malware onto people's iPhones for years, CNET and other news agencies reported. Google reported its findings to Apple in February, and the vulnerability was patched within a week. Google researcher Ian Beer wrote in a Thursday blog post detailing the team's discovery that "We estimate that these sites receive thousands of visitors per week." This hack gave attackers control of iPhones, allowing them to install malicious apps, get GPS data and steal messages. Attacks also sent stolen data without encryption, so anyone on the same Wi-Fi network could see stolen content. The malware was wiped when people rebooted their iPhones. “This is significant research,” said Nikolaos Chrysaidos, head of mobile threat intelligence and security at Avast. “It captures in-the-wild attacks that worked through the browser for an extended period of time. So we see a high level of hacking that could do serious damage. Apple is getting better at alerting and empowering its users about cybersecurity, but the company must improve. For now iPhone users should stay up to date with the latest software updates.”

This week’s stat

62 U.S. colleges and universities were hacked by cybercriminals who gained access to student information via malicious requests on the internet, the Department of Education reported

2FA used to trick victims in Insta-scam 

Similar to the IRS scam, phishing emails are trying to trick Instagram users into entering their login credentials on attacker-controlled pages. SC Magazine reported that the new email scam uses a convincingly brief note that reads, “Someone tried to log in to your Instagram account. If this wasn’t you, please use the following code to confirm your identity.” The victim is given a 6-digit code and a link. Clicking the link and using the code, the victim is taken to a malicious domain disguised as the Instagram login page. Entering the requested credentials would give the attackers everything they need to hijack the account. Avast Security Evangelist Luis Corrons commented that cybercriminals are always doing their best to fool the public. “The advice for users is always the same,” he stated. “If you have any doubts about your account, just go directly to the site and log in. If there really is an issue, you will find out there. Never click the links in suspicious emails, especially when they say there is a security problem.”  

TrickBot targets Verizon, T-Mobile, Sprint users

One of today’s most frequently used banking Trojans has been upgraded to try to steal the mobile PIN numbers of Verizon, T-Mobile, and Sprint users. First spotted in 2016, TrickBot has undergone dozens of upgrades. Bleeping Computer reported that the newest TrickBot variant has capabilities to intercept the web traffic between an infected victim and the mobile carrier websites. Instead of allowing the victim to reach the legitimate site, TrickBot inserts a phony page asking for the user’s PIN number in addition to the username and password. Once the attackers have a victim’s PIN number, they could attempt to take control of the phone number and intercept text and voice messages via its SIM (subscriber identity module). 

This week’s quote

“Countries around the world are turning to computer technology and internet-connected systems to try to make elections better, but the fact is that opens up whole new categories of risk.” – Alex Halderman, a University of Michigan professor who has researched election hacking since 2006. Halderman speaks in October at Avast’s CyberSec & AI Prague conference. Read more. 

Telegram fixes voicemail hack that shook Brazil

Responding to the furor that arose when four hackers allegedly used a Telegram voicemail hacking trick to compromise high-ranking Brazilian politicians, the instant message service rolled out a fix to prevent it from happening again. ZDNet reported that the accused hackers hijacked over 1,000 Brazilian Telegram accounts including those of President Jair Bolsonaro, Justice Minister Sergio Moro, and Economy Minister Paulo Guedes. The voicemail hack was executed by exploiting the process of adding a Telegram account to a new device. Hackers were able to add other accounts to their own by hacking into the victim’s voicemail to retrieve a special passcode. Once the accounts were linked, hackers could see the victims’ private instant message traffic. Telegram has since disabled the hack with new security measures. 

This week’s ‘must-read’ on The Avast Blog

Avast researchers worked with French and U.S. law enforcement to stop 850,000 infections by a “worm” – or malware that replicates – by causing the threat to destroy itself. Read more


Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all of your devices with our award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN.

--> -->